KC7 – Scoreboard

In my previous post KC7 – Intrusion Analysis I introduced it, why it is cool and a great resource for those wanting to get some hands-on experience in Intrusion Analysis and Threat Intel with realistic data in a tool that actual security professionals would use. I then went on to describe how you can set it up to not only generate a new set of realistic data but also host it yourself to be able to run the game for a school function or as part of the training program for your employees.

In this post I had planned to go over how to further customize it and tailor it to suit your needs with customizations to include:

• Changing from local host to an IP or host so that those you want to play can reach the server, create a user and see the scoreboard.

However, as I investigated the code to figure out how to do this, I realized the game we set up in the first post was really just needed to generate the data and push it to your Azure Data Explorer cluster. There really is no need for users to create accounts and log into it. Therefore, it is fine to run it from the localhost.

BUT WHAT ABOUT SCORING?!

I am glad you asked. Enter the KC7 Scoreboard which is another git repository. Therefore, in this blog post I will cover setting this up, changing it from localhost to an IP or FQDN from which others can reach it and then the basic usage of it.

NOTE: There appears to some work still to be done on the scoring itself. See the section titled “Game Session – Challenges Player Dashboard” below. Shows both the answer and the question. Clicking on answers does not always show the associated question.

Installation & Set-Up

I am going to assume you will use the same host VM we set up in the last post so we will jump straight into the commands needed to get the scoreboard, create a virtual environment for it and install the requirements.

virtualenv kc7_scoreboard
mv kc7_scoreboard test
git clone https://github.com/kkneomis/kc7_scoreboard.git
cd test/ && mv * ../kc7_scoreboard && cd .. && rm -rf test/
cd kc7_scoreboard
source bin/activate
pip install -r requirements.txt

The above commands will create a virtual python environment, download the kc7_scoreboard repository from git and move it into the virtual environment. The environment will then be activated, the required python modules in requirements.txt will be installed.

You can now type the following command to start the server:

python app.py

You will then see the following output to your screen:

As you can see from the two images above both #1 and #2 are the same here so lets navigate to 127.0.0.1:8889/login in our browser in our VM and enter the username of admin and the password of admin.

When you click the “Login” button you will see the following:

As you notice in the top right corner it says the “Username or Password is invalid”.

In order to find the password, we navigate to the app directory and open up __init__.py in our favorite text editor.

1. We see the password is listed as “DefNotAdmin”

So, exit out of the “__init.py” let’s change back to the previous directory and run the app again.

Let’s navigate back to 127.0.0.1:8889/login in our browser in our VM and enter the username of admin and the password of DefNotAdmin.

This time when you click the “Login” button you should be successful and see the following page:

Now that we are able to successfully login as the admin lets go about changing the URL to an IP or FQDN that will be reachable by the participants of the game. Stop the server by pressing “Ctrl + c”.

Changing the server host

In the kc7_scoreboard directory where you cloned the git repository open up the app.py file in your favorite text editor and you will see the following code:

1. This is the line that we need to edit in order to change the app to be reachable at a domain name or IP address other than localhost (127.0.0.1). We need to add the following to the code:

host={IP OR Fully Qualified Domain Name}

So, in my case since I am hosting this in my lab environment it would look as follows:

application.run(debug=True, host="kc7.shadow.net", port="8889")

I am now going to save this and start the server again by running the command “python app.py”. You should see the following:

1. When the app starts you should see your new IP or FQDN appear in the first printout. NOTE: The 127.0.0.1 ip will still show in the last printout until you change the print statement to reflect the new host you specified.

Now, if you remember from the first post, I am running the webapp in a VM. I am now going to go to my host OS (the one running the VM) and see if I can reach this host.

As you can see from the highlighted portion, we are now able to access it from the new FQDN we specified. As you can see below in the output to the terminal of the VM the server recognized the web request for the login page.

Changing the server port

Should you need to change the port the server is listening on for some reason, it is just as easy as changing the host. In the same line of code, we modified above we would just modify the port number from 8889 to what we wanted.

application.run(debug=True, host="kc7.shadow.net", port="8642")

Now we save the app.py file and run it again and we will see our modification in the first part of the printout to the terminal.

As you can see in the highlighted section of the image above it was reached with the newly changed port number.

Scoreboard – Admin View & Functionality

Let’s keep working from the browser on our host machine now.

Main Dashboard Overview

1. Click this down arrow to expand the drop-down menu.
2. Manage Teams Dashboard. See existing team information such as Team Name, Member Count, Mitigations, Score, Ability to delete the team. Can also add a new team.
3. Manage users Dashboard. Can see existing usernames and ability to delete. Can also ingest a csv file with columns of Username, Password, Email (optional) and assign a team to them.
4. Manage Sessions Dashboard. Can see existing session info such as #, Session Name, User Count, Users Password, State and option to delete. Also provides option to create a new session by specifying a name and 6-character password.
5. Minimize the side window with the menu.
6. Join a new game.
7. Click either icon here to logout.

Manage Teams Dashboard Overview

This is probably the section you would do first (or maybe create the session if you know whom you will be hosting the game for) as the teams will need to be crated prior to assigning a user to them. You can either do this beforehand or have the participants break up into teams and choose their own team’s name which you can then create.

1. Type the team’s name here.
2. Click “Create New Team”.

In the picture below you can see I created a team named “SheepDogs”.

Manager Users Dashboard Overview

You can either pre-populate this ahead of time if you know the participant names and you can assign generic passwords to each in csv document then auto-create them all at once by choosing the “Choose File” option. Or you can have each participant create their own account.

1. Opens a new file selection window so you can choose the needed csv file. All participants in the file would have to be on the same team. So, if the group you are hosting for has multiple teams you would need a csv file for each team.
2. Select the team the users will be assigned to. This is why it was good to create the team names first.

Manage Sessions Dashboard Overview

1. The name you want for the session. I would think it would be related to the group for which you are hosting the game for. For example: KC7_HighschoolX would be for a game at HighscoolX. It is really up to you and what makes sense for you.
2. This is where you set the password so that participants can join this session.
3. This is a drop down from which you can chose an additional Session manager that can upload and create Challenge Questions. It defaults to the built in “admin” user.
4. Once #1, #2 are filled in you click this button to create the session.

1. The drop-down menu showing a list of available users which can be made a manager for the session you are created. This individual will not be able to play the game but will be able to create new challenges.

Below you can see the two sessions I created.

Even though the Session named life shows “cyb3rsheepdoggy” as the manager the default admin user can still manage it as well.

Join a new game.

When you click the “Join a new game” button in the top right you will be presented with the following screen:

Entering the password of “test42” for the session I created above and clicking the “Join” button takes us to the following screen:

Game Session Administrative Dashboard

1. Challenges: Takes you to the page to create the challenge questions. Either individually or from a csv file.
2. Rankings: This is the default page when you join a game. The one you see above.
3. Back to all games: Goes back to the previous page where you can join a new game and see the games you are part of.
4. Admin Central: These two are the drop down for the main admin page and to minimize the side panel.
5. Rankings Export: You can export the user rankings by clicking one of these 3 buttons.

Game Session – Challenges Administrator Dashboard

1. Time left on the game session.
2. Game Session Timer Toggle. Check this box to turn on the timer for this game session.
3. Calendar Selection. Set this to a date and time in the future to give more time for the game session.
4. Timer Update. Click this button to update the countdown timer to the new time remaining selected with the calendar selection.
5. Add a new challenge. Here you can manually enter each question. To do so you need to enter the name of the challenge in the first box, the questions point value in the 2nd box, the question itself in the 3rd box, the answer in the 4th box and then in the 5th box you can assign it a category (such as Easy, Medium, Hard, or Difficult).
6. Add a new challenge (via csv). Here you can upload a csv file containing all the challenge questions. The first column name refers to the challenge name to which the question should be attached. Value is the point value of the question. Description is the actual question. Answer is the answer to the question.

Time a game session:

The default timer for a game session is 5 hours since per the KC7 documentation this is the average length of time it takes for most to complete the game. Should you want to change it you can do so.

In the image above I just clicked the calendar to select tomorrow February 6 and then changed the time to 0600. Any time after 12:59 PM is shown in military time (i.e. 1300 for 1pm).

Add a new challenge:

Once you submit questions you should start seeing them populate in the bottom of your screen as seen below:

1. The lefthand side here is the answers for the categories (Easy, Medium, Hard, etc..). If you click on a category that has more than one question to it, you will see tiles for each question.
2. This is a question for a Challenge called “Life”. The question has a point value of 25. NOTE: Even though it allows you to specify the Challenge Name it will only add them to the current challenge session you have joined. That is why there are questions for both the “Life” and “Test42” sessions under the actual “Test42” session. The actual users participating in the “Life” session will not be able to see this challenge question.
3. These are two challenge questions for the “Test42” game session in the “Easy” category whose point value is 10 each.

Let’s say you click on the tile shown as #3 above for the Challenge called “Test42” with a point value of 10. You will get the following pop-up which will show the information entered to create the question.

1. You can see how many people have solved this question.
2. You can delete the question from the game if needed.

Add a new challenge (via csv):

Let’s face it. It is much easier to type everything out in multiple cells in an Excel document instead of pointing, clicking and typing multiple times just to add one challenge. I would expect the “adding one at a time is best used to add challenges on the fly during a game session.

Notes & Caveats:

NOTE 1: On the “Add a new challenge (via csv)” section it says the file “Must be csv with columns: Name, Value, Description, Answer”.

If you do this, you will get the following error:

Solution: This is because the csv also needs the last column named “Category”.

Now when you submit the csv file it should populate similar to

Note 2: Only upload a csv file containing the Questions for the challenge whose session you joined to add the questions. If you upload a CSV file containing multiple session names in the “Name” column they will be uploaded to the current session you have joined and not the named sessions like you want. Similar to what I noted above in the Single Challenge Add Section.

Game Session -Rankings Administrator Dashboard

The Rankings dashboard is the same for both the administrator and game players. It is the default screen once you join a challenge.

Scoreboard – User View & Functionality

Creating your account

The first thing you need to do is navigate to the URL the game operator gives you. In my case it will be “http://kc7.shadow.net:8889/login”. When you do so you will be presented with the following screen:

1. Click on “Create an Account!” You will then see the below page:

1. Create a username and type it here.
2. Put your email address in here.
3. Create a password and enter it here.
4. Click the drop-down error on the right and then select the team you wish to join.
5. Click the “Register Account” button.

This will take you back to the login screen and show a green box in the top right corner showing “User successfully registered”.

Go ahead and log in with the username /password you just created.

You will be logged in and then presented with the following screen:

1. Click the “Join a new game” button and follow the same steps to login as you did above as the admin.

1. Challenges: This page will show the questions tiles similar to jeopardy where you see the game name and a point value. It will also have a list of answers.
2. Rankings: This is the page you see when you first join a game.
3. Game Session Name: Name of the session which you joined.
4. Remaining Time: Time remaining in which to complete the game.
5. User Rankings: This is where the user ranks will be displayed.

Game Session – Challenges Player Dashboard

When you first click on “Challenges” from the lefthand menu you will be presented a page similar to the following if the game operator set everything up correctly:

1. Easy Category
2. Hard Category
3. Medium Category
4. Name of the game Session should be on each challenge card.
5. Point value of the Challenge.
6. Name of the session which you joined.
7. Time remaining in which to complete the game.

NOTE: If the game admin used either the single “Add a challenge” or the csv upload to try and add challenges for a game session other than the one called “Test42” you might see something like the image below.

1. This is supposed to be a challenge for the game session titled “Life”.

NOTE: Should this be the case then just notify your game admin so they can correct it.

Now let’s move on.

So, let’s click on the question for game “Test42” with a point value of 50. When I do so I see the following popup.

When I provide the answer of 42 and click submit, I then see the following screen where the tile turns green to indicate I answered it correctly.

Next, I click on the next question, and I see:

This time I will enter a wrong answer and click submit. When I do so I see the following:

1. In the top right I see that the answer I entered was not correct.

Game Session – Challenges Player Dashboard

Now, having answered at least 1 question correctly above I click on the “Rankings” option from the menu, and I am presented with the Scoreboard once again.

We can clear see that the scoring engine has awarded me the correct point values for the 2 questions I answered correctly. One question was worth 10 and the other was worth 50 for a total of 60.

Conclusion

Overall, this is a robust and well thought out scoring platform. While I was writing this post, I did find one bug with “Add a new challenge” that swapped the Answer and Category fields. I created an issue for it and the repository maintainers were quick (maybe an hour?) to fix it. Not only did they fix it, but they also released some additional features such as:

• Game Session Timer
• Ability to make a user a manager to updated and maintain challenges for a session.

I mentioned it as an addendum in my last post about KC7 but I wanted to mention it here as well. The creators of KC7 also have a kc7_data repository on GitHub with some additional scenarios, their guides and instructions on how to ingest that data into your Azure Data Explorer.

I hope this helps get you up and running to run some game sessions of your own.

*** Updated ***

In my next post post I explore how we can customize the data a bit more by changing things such as:

• Victim company Information (Name, # employees, Employee Titles, Website paths, etc…)
• Threat actors (Name, attacks, email themes, TLDs, filenames, malware, etc..)
• Malware (name, filenames, paths, recon processes, c2 processes)
• Seed Text (For emails)

As always thank you for taking the time to read this post.

Advertisement